feat: Use Codefresh provided storage for workflow logs (#428)

Author: ilia-medvedev-codefresh

charts/gitops-runtime/Chart.yaml

@@ -42,11 +42,6 @@ dependencies:
   version: 0.7.9
   alias: gitops-operator
   condition: gitops-operator.enabled
-- name: garage
-  repository: https://codefresh-io.github.io/garage
-  alias: garage-workflows-artifact-storage
-  version: 0.5.0-cf.3
-  condition: garage-workflows-artifact-storage.enabled
 - name: cf-argocd-extras
   repository: oci://quay.io/codefresh/charts
   version: 0.5.1

charts/gitops-runtime/README.md

@@ -16,6 +16,25 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
 ## Codefresh official documentation:
 Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/
 
+## Argo-workflows artifact and log storage
+Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration.
+If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values:
+
+```yaml
+argo-workflows:
+  controller:
+    workflowDefaults:
+      spec:
+        artifactRepository:
+          configMap: codefresh-workflows-log-store
+          key: codefresh-workflows-log-store
+```
+
+> [!WARNING]
+> It's highly recommended to use your own artifact storage for data privacy reasons.
+> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes.
+> Please refer to the official documentation for more details.
+
 ## Installation with External ArgoCD
 
 If you want to use an existing ArgoCD installation, you can disable the built-in ArgoCD and configure the GitOps Runtime to use the external ArgoCD.
@@ -259,15 +278,18 @@ sealed-secrets:
 | argo-rollouts.enabled | bool | `true` |  |
 | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` |  |
 | argo-rollouts.installCRDs | bool | `true` |  |
+| argo-workflows.controller.workflowDefaults.spec.archiveLogs | bool | `true` |  |
 | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs |
 | argo-workflows.enabled | bool | `true` |  |
 | argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` |  |
 | argo-workflows.fullnameOverride | string | `"argo"` |  |
 | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` |  |
 | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI |
 | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. |
-| cf-argocd-extras | object | `{"libraryMode":true}` | Codefresh extra services for ArgoCD |
+| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]},"libraryMode":true,"sourcesServer":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}}` | Codefresh extra services for ArgoCD |
 | cf-argocd-extras.libraryMode | bool | `true` | Library mode for the chart. Allows to inject values from gitops runtime chart |
+| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}` | Sources server configuration |
+| codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. |
 | event-reporters.rollout.eventSource.affinity | object | `{}` |  |
 | event-reporters.rollout.eventSource.nodeSelector | object | `{}` |  |
 | event-reporters.rollout.eventSource.replicas | int | `1` |  |
@@ -304,14 +326,6 @@ sealed-secrets:
 | event-reporters.workflow.sensor.retryStrategy.steps | int | `3` | Number of retries |
 | event-reporters.workflow.sensor.tolerations | list | `[]` |  |
 | event-reporters.workflow.serviceAccount.create | bool | `true` |  |
-| garage-workflows-artifact-storage | object | `{"deployment":{"kind":"StatefulSet","replicaCount":3},"enabled":false,"fullnameOverride":"garage","garage":{"replicationMode":3},"persistence":{"data":{"size":"100Mi","storageClass":""},"enabled":true,"meta":{"size":"100Mi","storageClass":""}},"resources":{},"tests":{"enabled":false}}` | Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) |
-| garage-workflows-artifact-storage.deployment.kind | string | `"StatefulSet"` | Only statefulset is supported for Codefresh gitops runtime. Do not change this |
-| garage-workflows-artifact-storage.persistence.data | object | `{"size":"100Mi","storageClass":""}` | Volume that stores artifacts and logs for workflows |
-| garage-workflows-artifact-storage.persistence.data.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used |
-| garage-workflows-artifact-storage.persistence.meta | object | `{"size":"100Mi","storageClass":""}` | Volume that stores cluster metadata |
-| garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used |
-| garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. |
-| garage-workflows-artifact-storage.tests | object | `{"enabled":false}` | Helm tests |
 | gitops-operator.affinity | object | `{}` |  |
 | gitops-operator.crds | object | `{"additionalLabels":{},"annotations":{},"install":true,"keep":false}` | Codefresh gitops operator crds |
 | gitops-operator.crds.additionalLabels | object | `{}` | Additional labels for gitops operator CRDs |
@@ -369,7 +383,8 @@ sealed-secrets:
 | global.external-argo-rollouts | object | `{"rollout-reporter":{"enabled":false}}` | Configuration for external Argo Rollouts |
 | global.external-argo-rollouts.rollout-reporter | object | `{"enabled":false}` | Rollout reporter settings |
 | global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout |
-| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings |
+| global.nodeSelector | object | `{}` | Global nodeSelector for all components |
+| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings |
 | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. |
 | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. |
 | global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource |
@@ -381,15 +396,16 @@ sealed-secrets:
 | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. |
 | global.runtime.gitCredentials.password.value | string | `nil` | Plain text password |
 | global.runtime.gitCredentials.username | string | `"username"` | Username. Optional when using token in password. |
-| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings |
+| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings |
 | global.runtime.ingress.enabled | bool | `false` | Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false. |
 | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. |
 | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. |
 | global.runtime.ingress.skipValidation | bool | `false` | if set to true, the pre-install hook will validate the existance of appropriate values, but *will not* attempt to make a web request to the ingress host |
 | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) |
 | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". |
 | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. |
-| installer | object | `{"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release |
+| global.tolerations | list | `[]` | Global tolerations for all components |
+| installer | object | `{"affinity":{},"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"nodeSelector":{},"skipValidation":false,"tolerations":[]}` | Runtime installer used for running hooks and checks on the release |
 | installer.skipValidation | bool | `false` | if set to true, pre-install hook will *not* run |
 | internal-router.affinity | object | `{}` |  |
 | internal-router.clusterDomain | string | `"cluster.local"` |  |
@@ -424,6 +440,6 @@ sealed-secrets:
 | internal-router.serviceAccount.name | string | `""` |  |
 | internal-router.tolerations | list | `[]` |  |
 | sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- |
-| tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. |
+| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. |
 | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false |
 | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic |

charts/gitops-runtime/README.md.gotmpl

@@ -16,6 +16,27 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
 ## Codefresh official documentation:
 Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/
 
+## Argo-workflows artifact and log storage
+Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration.
+If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values:
+
+```yaml
+argo-workflows:
+  controller:
+    workflowDefaults:
+      spec:
+        artifactRepository:
+          configMap: codefresh-workflows-log-store
+          key: codefresh-workflows-log-store
+```
+
+
+> [!WARNING]
+> It's highly recommended to use your own artifact storage for data privacy reasons.
+> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes.
+> Please refer to the official documentation for more details.
+
+
 ## Installation with External ArgoCD
 
 If you want to use an existing ArgoCD installation, you can disable the built-in ArgoCD and configure the GitOps Runtime to use the external ArgoCD.

charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.codefreshWorkflowLogStoreCM.enabled }}
+    {{- $_ := required "global.codefresh.accountId is required if codefreshWorkflowLogStoreCM is enabled" .Values.global.codefresh.accountId }}
+apiVersion: v1
+data:
+  codefresh-workflows-log-store: |
+    archiveLogs: true
+    s3:
+      bucket: {{ .Values.global.codefresh.accountId }}
+      endpoint: {{ .Values.codefreshWorkflowLogStoreCM.endpoint }}
+      insecure: {{ .Values.codefreshWorkflowLogStoreCM.insecure }}
+      keyFormat: {{ .Values.global.runtime.name }}/{{ "{{" }}workflow.name{{ "}}" }}/{{ "{{" }}pod.name{{ "}}" }}
+      accessKeySecret:
+        name: codefresh-token
+        key: token
+      secretKeySecret:
+        name: codefresh-token
+        key: token
+kind: ConfigMap
+metadata:
+  annotations:
+    workflows.argoproj.io/default-artifact-repository: codefresh-workflows-log-store
+  name: codefresh-workflows-log-store
+{{- end }}

charts/gitops-runtime/templates/tunnel-client.yaml

@@ -10,4 +10,4 @@ reduce complexity of installation and number or mandatory values to provide for
 {{ $runtimeName := required "runtime.name is required" .Values.global.runtime.name }}
 {{ $_ := set $tunnelClientContext.Values.tunnel "subdomainPrefix" (printf "%s-%s" $accoundId $runtimeName)}}
 {{- include "codefresh-tunnel-client.resources" $tunnelClientContext }}
-{{- end }}
+{{- end }}

charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml

@@ -0,0 +1,67 @@
+suite: codefresh-workflow-logs-store tests
+templates:
+  - codefresh-workflow-log-store.yaml
+tests:
+
+- it: Should only create the configmap when enabled
+  template: 'codefresh-workflow-log-store.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    codefreshWorkflowLogStoreCM.enabled: false
+  asserts:
+  - hasDocuments:
+      count: 0
+
+- it: Should only create the configmap when enabled
+  template: 'codefresh-workflow-log-store.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    codefreshWorkflowLogStoreCM.enabled: true
+  asserts:
+  - hasDocuments:
+      count: 1
+
+- it: Should fail if the accountId is not set
+  template: 'codefresh-workflow-log-store.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    codefreshWorkflowLogStoreCM.enabled: true
+    global.codefresh.accountId: ""
+  asserts:
+  - failedTemplate:
+      errorMessage: 'global.codefresh.accountId is required if codefreshWorkflowLogStoreCM is enabled'
+
+- it: ConfigMap data populated with the correct values
+  template: 'codefresh-workflow-log-store.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    global:
+      runtime:
+        name: test-runtime
+    codefreshWorkflowLogStoreCM.enabled: true
+    global.codefresh.accountId: "test-account"
+    codefreshWorkflowLogStoreCM:
+      enabled: true
+      endpoint: test.codefresh.io
+      insecure: true
+  asserts:
+  - equal:
+      path: data
+      value:
+        codefresh-workflows-log-store: |
+          archiveLogs: true
+          s3:
+            bucket: test-account
+            endpoint: test.codefresh.io
+            insecure: true
+            keyFormat: test-runtime/{{workflow.name}}/{{pod.name}}
+            accessKeySecret:
+              name: codefresh-token
+              key: token
+            secretKeySecret:
+              name: codefresh-token
+              key: token

charts/gitops-runtime/values.yaml

@@ -313,7 +313,16 @@ argo-workflows:
     resources:
       requests:
         ephemeral-storage: 10Mi
+  controller:
+    workflowDefaults:
+      spec:
+        archiveLogs: true
 
+# -- Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support.
+codefreshWorkflowLogStoreCM:
+  enabled: true
+  endpoint: gitops-workflow-logs.codefresh.io
+  insecure: false
 #-----------------------------------------------------------------------------------------------------------------------
 # Argo rollouts
 #-----------------------------------------------------------------------------------------------------------------------
@@ -719,38 +728,6 @@ gitops-operator:
       cpu: 100m
       memory: 128Mi
 
-#-----------------------------------------------------------------------------------------------------------------------
-# Garage
-#-----------------------------------------------------------------------------------------------------------------------
-# -- Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC)
-garage-workflows-artifact-storage:
-  fullnameOverride: garage
-  enabled: false
-  deployment:
-    # -- Only statefulset is supported for Codefresh gitops runtime. Do not change this
-    kind: StatefulSet
-    replicaCount: 3
-  garage:
-    #-- Default to 3 replicas, see the replication_mode section at https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode
-    replicationMode: 3
-  persistence:
-    enabled: true
-    # -- Volume that stores cluster metadata
-    meta:
-      # -- When empty value empty the default storage class for the cluster will be used
-      storageClass: ""
-      size: 100Mi
-    # -- Volume that stores artifacts and logs for workflows
-    data:
-      # -- When empty value empty the default storage class for the cluster will be used
-      storageClass: ""
-      size: 100Mi
-  # -- Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size.
-  resources: {}
-  # -- Helm tests
-  tests:
-    enabled: false
-
 #-----------------------------------------------------------------------------------------------------------------------
 # cf-argocd-extras
 #-----------------------------------------------------------------------------------------------------------------------